Here's good news for every company that's careless with personally identifiable information: Your customers apparently don't care.

A new study by global IT association ISACA shows that consumers haven’t changed their shopping behaviors despite a year of retail data breaches — worrisome, the organization maintains, especially with the shopaholic trifecta of Thanksgiving Day, Black Friday and Cyber Monday just a week away.

It's not that consumers are unaware of the problem. According to the 2014 ISACA IT Risk/Reward Barometer, almost all US consumers (94 percent) have read or heard about major retailer data breaches in the past year. But while three-fourths of those surveyed claim those data breaches have increased their concerns about their personal data privacy, few are doing anything about it.

What? Me Worry?

Fewer than half have changed an online password or PIN code (45 percent), made fewer online purchases using mobile devices (15 percent) or shopped less frequently at one or more of the retailers that experienced a data breach (28 percent), the study found. 

As one woman told CMSWire yesterday, "I don't believe there is any privacy online anymore so I've essentially given up."

ISACA’s IT Risk/Reward Barometer examines attitudes and behaviors related to the risks and rewards of key technology trends, including the Internet of Things, big data and bring your own device (BYOD) policies. The 2014 Barometer consists of two components: a survey of 1,646 ISACA members who are IT and business professionals around the world, including 452 in the US, and a survey of more than 4,000 consumers in four countries, including 1,209 in the US.

Robert Stroud, international president of ISACA and vice president of innovation and strategy at New York City-based CA Technologies, said this year's study confirms there's a "huge gap" between people’s concerns about protecting their data privacy and security and the actions they take. While that cavalier attitude may be comforting to companies and brands with inadequate or outdated data security policies and little or no information governance, Stroud disagrees.

Reduce the Risks

“Businesses need to address this gap by aggressively educating both customers and employees about how they can help reduce the risk or minimize the impact of data breaches or hacks,” he said, adding that ISACA recently established the Cybersecurity Nexus (CSX) as a resource enterprises can turn to for security advice.

ISACA recommends obvious but too often ignored strategies: Consumers should protect their personal information with strong passwords unique to each account, protect their devices with current security software and verify that online transactions are secure by looking for a padlock icon displayed in the browser.

Here's what else the ISACA report found, visualized by CMSWire's Jackie Jordan.

[Infographic: 2014 ISACA IT Risk/Reward Barometer]

Title image by Robert S. Donovan (Flickr) via a CC BY-NC-SA 2.0 license.